--- title: "Even faster 3 am troubleshooting with new logs search and query" page_name: "Even faster 3 am troubleshooting with new logs search and query" type: "blog" slug: "faster-troubleshooting-logs-search-query" published_at: "2023-04-11" modified_at: "2025-11-19" url: "https://www.sumologic.com/blog/faster-troubleshooting-logs-search-query" canonical: "https://www.sumologic.com/blog/faster-troubleshooting-logs-search-query" markdown_url: "https://www.sumologic.com/blog/faster-troubleshooting-logs-search-query.md" lang: "en" excerpt: "Recently released log analytics search and querying help engineers save time and effort when troubleshooting issues. Learn more with the 3 am example." taxonomy_blog_category: - "DevOps & IT Operations" --- [ All blogs ](https://www.sumologic.com/blog "blog")[DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) # Even faster 3 am troubleshooting with new logs search and query [Michael Baldani](#blog-author-block-212) April 11, 2023 2 min read [DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) ##### Table of contents As an SRE putting out fires all day, it’s nice to get a good night’s sleep. But there are times when that PagerDuty alert goes off in the middle of the night, forcing you to leap into action to fix a high-priority issue. This is where having the best [log analytics](https://www.sumologic.com/guides/log-analytics/) tool is critical to easily search and query the log data, perform deep-dive troubleshooting and analysis and quickly come to a resolution. Sumo Logic recently released new features specific to our log analytics search and query functionality, all designed to help engineers like you be more efficient in issue resolution. So let’s imagine that dreaded 3 am PagerDuty alert. You rub the sleep out of your eyes, shuffle to your laptop and log into Sumo Logic. You review the dashboard and quickly identify the logs with the issue. ### Improved querying and default data reference Opening the saved search, you remember the query is very long and gets cut off in the window making it tedious to validate. But a recent update has made the query editor extended, letting you see long query strings so it is easier to validate that the query is still correct – nice! Querying efficiency is improved by letting you update the default partition where log data is ingested by adding “\_index=sumologic\_default” to the partition. This new function makes that log data more referenceable without having to query for an empty index, resulting in one less step to your troubleshooting process. ### Auto-complete to reduce broken queries With the source of the logs updated to the new index, you can run a quick search and look for errors by filtering for (“Error”, “error”). You see that Sumo Logic now auto-completes the closed parenthesis and quotes so you don’t have to worry about something so trivial breaking the query. ### Column pinning and results expander for better visibility While this query runs, you open another tab to run a second query on JSON logs. When results are displayed in the Messages tab, you can customize this table by pinning a specific column in the table to get better analytics visibility and faster issue analysis. Plus, since query results in the Messages tab typically default to the first ten lines, you can expand to show all JSON rows to get full visibility of the query results to have all information easily available during the troubleshooting process. After finding the root cause of the issue and fixing the problem, you click “add to dashboard from results” which creates a new panel and adds it to the dashboard for ongoing monitoring. The clock now reads 3:15 am. Thanks to Sumo Logic, there’s still plenty of time to sleep and be ready for the upcoming work day. Be sure to check out the release notes to learn how these new log search and query features help you resolve application reliability issues faster, so you can get a good night’s rest. - [Customizable Query Editor](https://www.sumologic.com/help/release-notes-service/2023/12/31/#february-24-2023-search) - [Default Index reference](https://help.sumologic.com/release-notes-service/2022/12/31/#july-14-2022-manage) - [Auto-completion of quotes and parentheses](https://www.sumologic.com/help/release-notes-service/2023/12/31/#january-5-2023-search) - [Search Table Results features](https://help.sumologic.com/release-notes-service/2022/12/31/#october-14-2022-search) ### Article Tags - [DevOps & IT Operations](https://www.sumologic.com/blog/devops-it-operations) Michael Baldani Senior Product Marketing Manager Mike Baldani is a senior product marketing manager for Observability at Sumo Logic. He has spent the last 20 years marketing software and SaaS solutions that help developers and SREs overcome the challenges they face in their daily roles. [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=Even%20faster%203%20am%20troubleshooting%20with%20new%20logs%20search%20and%20query&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Ffaster-troubleshooting-logs-search-query "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Ffaster-troubleshooting-logs-search-query "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Ffaster-troubleshooting-logs-search-query "Linkedin") [Previous blog What are the best practices for log management?](https://www.sumologic.com/blog/log-management-best-practices)[Next blog Plan better and preempt bottlenecks with predict for metrics](https://www.sumologic.com/blog/plan-better-preempt-bottlenecks-with-predict-for-metrics) People who read this also enjoyed [ Sumo Logic AWS Region European Sovereign Cloud is now generally available June 2, 2026 ](https://www.sumologic.com/blog/sumo-logic-aws-region-european-sovereign-cloud-generally-available)[ How to secure cloud workloads without building a full-scale SOC April 30, 2026 ](https://www.sumologic.com/blog/secure-cloud-workloads-with-limited-resources)[ Join operator and Query Agent for smarter log analysis April 22, 2026 ](https://www.sumologic.com/blog/using-the-join-operator)[ 92% of security leaders say their SIEM is effective. 51% say it’s exceptional. What’s living in that gap? April 16, 2026 ](https://www.sumologic.com/blog/from-effective-to-exceptional-siem) [AI Instructions](https://www.sumologic.com/ai-instructions.md)